Back to BlogLessons Learned from 3 Cyberattacks in Financial Services
While digital transformation efforts in the financial services industry create unmatched convenience for customers and fantastic growth opportunities for businesses, they also bring new cybersecurity risks.
Unfortunately, as the third-most targeted industry* for cyberattacks, the financial services sector has numerous real-life examples that demonstrate the potential risks and consequences of such attacks. But as we mentioned in our post, 4 Cyberattacks on State/Local Government and What We Can Learn from Them, we don’t have to take these tales from a place of fear or panic. Instead, we can look at each of these stories to understand how to make our own businesses safer and strengthen our cybersecurity initiatives.
While stories of cyberattacks at other financial institutions might be frustrating, organizations can learn a lot from each of these situations and take them to make positive changes within their businesses. In this post, we’ll cover three stories of recent cyberattacks to start digging deeper into cybersecurity best practices and uncover valuable insights.
Danish Bank and Bankdata impacted by DoS attack
In January 2023, a denial-of-service (DoS) attack disrupted access to Denmark’s central bank and seven of the country’s private banks. The attackers targeted the central bank, along with Bankdata, a company that developed IT solutions for several other Danish banks.
Because of the attack, operations were shut down for several hours, including access to two of Denmark’s largest private banks. Although the organizations got operations back online later that same day, it still signaled to their customers and stakeholders that they were vulnerable to this type of attack in the first place and more than likely interrupted critical operations for users throughout the first half of the day.
Security Magazine explains why DoS attacks like this one are so detrimental to financial institutions: “The financial services industry, in particular, has become a prominent target for distributed denial of service (DDoS) threat actors, as these organizations hold a larger market share, and their users rely heavily on 24/7 access to the critical services they provide. As institutions shift their services online and become more digitally accessible through services like mobile banking, the DDoS attack surface expands, leaving them increasingly vulnerable to a potential attack.”
Lesson learned: Financial institutions should implement measures for identifying and isolating suspicious activity in real time.
A real-time threat detection and response solution is a great place to start defending against DoS attacks. There are early signs of an incoming DoS attack, such as:
- Lateral movement inside a system, in which an attacker is attempting to gain control of an internal system and then use it to trigger the attack
- An IP address making an abnormally large number of requests
- Lost connectivity across several devices in the same network
By identifying these signs as early as possible and taking remediation action, such as isolating affected endpoints or blocking malicious traffic, your business can minimize the effects of a DoS attack and ensure the availability of critical services for customers.
Ransomware attack against Fidelity National Financial
In November 2023, a malicious gang infiltrated Fidelity National Financial, a major player in real estate services, using a ransomware attack. The gang successfully stole sensitive data from Fidelity’s customers. The attack also forced operations to shut down for an entire week, including the company’s website and email services, potentially affecting 1.3 million users. This shutdown meant customers couldn’t pay mortgages or check in on other financial-related information, such as receiving payments for real estate sales, for this period of time.
Lesson learned: Financial institutions should take strategic actions to defend themselves against ransomware attacks, such as understanding their existing assets and proactively monitoring for early signs of attacks.
There are a few powerful steps that financial institutions can take to protect themselves from ransomware attacks, such as:
- Deactivating public IP access to Remote Desktop Protocol (RDP) and Windows Server Message Block (SMB)
- Using a port scanner to see if an attacker is performing reconnaissance on your system and looking for weak entry points
- Flagging and responding to early signs of ransomware. A few telltale signs include new software like network scanners or active directory access tools, the removal of security software, or unusual use of existing executables and binaries (e.g., unauthorized Powershell script execution)
- Planning ahead for potential ransomware attacks by creating a robust incident response plan and keeping online and offline backups of critical data
Martin Lewis and AI Social Engineering
While this story doesn’t focus on a particular financial institution, it still tells a cautionary tale to the FinServ industry. In the summer of 2023, English financial journalist and broadcaster Martin Lewis allegedly posted a video of himself discussing an Elon Musk project and telling British citizens it was a “great investment opportunity.”
It turned out that this video was an AI deepfake and wasn’t actually created by Lewis in the first place. According to Lewis, “This is frightening; it’s the first deep fake video scam I’ve seen with me in it. Government and regulators must step up to stop big tech from publishing such dangerous fakes. People will lose money, and it will ruin lives.”
The Financial Conduct Authority (FCA) released a warning to financial firms shortly after this incident, highlighting that cyberattacks and identity fraud will grow in scale and risk level because of AI.
Lesson learned: Now, more than ever, it’s vital for financial institutions to train staff and customers about recognizing social engineering risks, including emerging tactics such as AI deepfakes.
While many organizations already have training programs for spotting typical social engineering schemes, implementing training for spotting more subtle AI-driven threats is also important.
Forbes provides advice for training users to spot deepfakes, saying, “When it comes to [AI] phishing prevention and detection, nothing is more powerful than human intuition. Training employees to recognize and report fake online identities, visual anomalies such as lip sync inconsistencies, jerky head and torso movements, unusual audio cues, and irregular or suspicious requests is paramount. Organizations that do not have this training expertise can also consider phishing simulation programs that use real, in-the-wild example social engineering scripts.”
Of course, these emerging threats also make it more important than ever to turn to foundational cybersecurity practices, such as leveraging multi-factor authentication (MFA) and encouraging using single sign-on (SSO) for staff.
The power of effective threat detection and response
As we saw throughout these stories, effective detection and response can make all the difference when dealing with cyber threats. Blumira offers a threat detection and response platform with cloud SIEM, endpoint visibility, and automated response to suspicious activities. We simplify security for lean financial IT teams with one easy-to-use solution, saving time and staff hours.
Check out Today’s Top Cybersecurity Challenges for Credit Unions — And How To Overcome Them to learn more cybersecurity tactics for small to medium-sized teams at financial institutions.
*https://www.cfo.com/news/financial-industry-is-third-most-targeted-by-hackers/654808/